package com.auth2resource.config;

import com.auth2resource.config.exception.AuthExceptionEntryPoint;
import com.auth2resource.config.exception.CustomAccessDeniedHandler;
import com.auth2resource.config.exception.CustomTokenExtractor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;


@ConditionalOnProperty(prefix="jdbc",name = "flag", havingValue = "redis")
@Configuration
@EnableResourceServer
public class RedisResourceServerConfigurer extends ResourceServerConfigurerAdapter {

    @Autowired
    private CustomTokenExtractor customTokenExtractor;
    @Autowired
    private AuthExceptionEntryPoint authExceptionEntryPoint;
    @Autowired
    private CustomAccessDeniedHandler customAccessDeniedHandler;

    @Override
    public void configure(HttpSecurity http) throws Exception {
//        super.configure(http);
        http.csrf().disable()
                .authorizeRequests()
                //放行路径
                .antMatchers("/login**","/refrech_token**").permitAll()
                //拦截querUser路径
                .antMatchers("/**").access("#oauth2.hasScope('app')")
                .anyRequest().permitAll();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        super.configure(resources);
        resources.tokenExtractor(customTokenExtractor);
        resources.authenticationEntryPoint(authExceptionEntryPoint)
               // .authenticationEntryPoint(new LLGAuthenticationEntryPoint()) //自动续签token信息
                .accessDeniedHandler(customAccessDeniedHandler);
    }
}
